iRule question

Question

for one of the application using SAML for authentication. F5 is pass through for authentication, no apm policy applied&nbsp;
requirement is as below.&nbsp;
SSO should be enabled if already login into enterprise applications. (thinking of using MRHsession cookie, not sure though)If user is accesing application from office laptop (where already login into corporate network using AD ntlm) access should be seamless.For other users it should go to /public login page

brad_parker · Answer

Will something like this possibly work for you?
when HTTP_REQUEST {
    check for session cookie and forward on to pool if exists
    if { HTTP::cookie exists MRHsession }{
        return
    }
    if no session cookie check is client is on the corporate network and forward on to pool if yes
    elseif { [IP::addr[IP::client_addr] equal 10.0.0.0/8] }{
        return
    }
    if no session cookie or not on the corporate network redirect to the public login page
    else {
        HTTP::redirect "http://[HTTP::host]/public"
    }
}

Forum Discussion

iRule question

1 Reply

Bram - January 2026 Featured Member

F5 Container Ingress Services (CIS) and using k8s traffic policies to send traffic directly to pods

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

AWS F5_OWASP Managed Rule Blocking requests

Owa did not show support id asm

Questions on Migrating configs from iSeries to RSeries F5s

Add all rule labels to events in F5 Rules for AWS WAF - Web exploits OWASP Rules

Does XC DNS support health monitoring for CNAME records?

Related Content

irule logging question

Novice Question - irules

UCS Encryption Question

iRules Style Guide

Site Launch Frequently Asked Questions

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS